topic Where can I find Log Analyzer logs on Orion server? in LA Discussionshttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423861#M236
<HTML><HEAD></HEAD><BODY><P>I'd like to find where i can see which rule is tagging messages as they come in to the Log Viewer console.&nbsp; I have 800 different Rules, and a couple of them seem to be tagging Logs for incorrect vendors.&nbsp; I'd like to check the rules that have tagged these messages, but i can't effectively go through 800 rules one at a time. I'm hoping there's some log messages on the system that would indicate which Rule was used to tag.&nbsp; </P></BODY></HTML>Mon, 10 Feb 2020 18:08:37 GMTjere5572020-02-10T18:08:37ZWhere can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423861#M236
<HTML><HEAD></HEAD><BODY><P>I'd like to find where i can see which rule is tagging messages as they come in to the Log Viewer console.&nbsp; I have 800 different Rules, and a couple of them seem to be tagging Logs for incorrect vendors.&nbsp; I'd like to check the rules that have tagged these messages, but i can't effectively go through 800 rules one at a time. I'm hoping there's some log messages on the system that would indicate which Rule was used to tag.&nbsp; </P></BODY></HTML>Mon, 10 Feb 2020 18:08:37 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423861#M236jere5572020-02-10T18:08:37ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423862#M237
<HTML><HEAD></HEAD><BODY><P>I am checking on this with the team. Not sure if there is any info in the logs or if we need some SQL / SWQL to solve this.</P></BODY></HTML>Tue, 11 Feb 2020 21:36:11 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423862#M237jvb2020-02-11T21:36:11ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423863#M238
<HTML><HEAD></HEAD><BODY><P>So it seems this is not as straight forward as a query unfortunately. There are no indications in the DB about what rule applied the tag. The only place to see what you are looking for is likely in the logs and only if the level is set to debug which can generate a great deal of info very quickly. This may be a situation where it is better to open a ticket and ask the support team to step through this with you so you can isolate the rules in question. if you decide to do that, please ping me the ticket number so I can keep an eye on it internally.</P></BODY></HTML>Wed, 12 Feb 2020 21:55:11 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423863#M238jvb2020-02-12T21:55:11ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423864#M239
<HTML><HEAD></HEAD><BODY><P>Hmm, the problem for me is going through hundreds of rules individually. Thanks Jvb! Ticket 00474905. Haven't heard back since Tuesday. </P><P></P><P>Thanks again! </P></BODY></HTML>Thu, 13 Feb 2020 21:52:44 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423864#M239jere5572020-02-13T21:52:44ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423865#M240
<HTML><HEAD></HEAD><BODY><P>Yep, understood. Lots of customers have a large amount of rules so we may need to look at improving this from a diagnostic level. Thanks for the input! I will keep an eye on the ticket and nudge it if need be.</P></BODY></HTML>Thu, 13 Feb 2020 22:03:12 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423865#M240jvb2020-02-13T22:03:12ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423866#M241
<HTML><HEAD></HEAD><BODY><P>Is there a way to see the count of how many times a particular rule fired? that may help me whittle it down to the most likely offenders. </P><P></P><P>Thanks! </P></BODY></HTML>Tue, 18 Feb 2020 14:17:33 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423866#M241jere5572020-02-18T14:17:33ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423867#M242
<HTML><HEAD></HEAD><BODY><P>Ticket seemed to have died last Friday, i've asked a few questions back to my support tech and i can't get a reply from them. </P></BODY></HTML>Wed, 19 Feb 2020 15:17:03 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423867#M242jere5572020-02-19T15:17:03ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423868#M243
<HTML><HEAD></HEAD><BODY><P>Well i was able to come up with an easy workaround that got me what i was after.&nbsp; I cloned an already existing Log Alert, and changed the trigger condition to only a vendor that i knew wasn't a legit target but was still being tagged. </P><P><span class="lia-inline-image-display-wrapper" image-alt="rule tag.PNG"><img src="https://thwack.solarwinds.com/t5/image/serverpage/image-id/4221i094F6D67E32A90AE/image-size/large?v=1.0&amp;px=999" title="rule tag.PNG" alt="rule tag.PNG" /></span></P><P></P><P> and said include Processing Rule where "is not empty". </P><P> <span class="lia-inline-image-display-wrapper" image-alt="alert trigger condition.PNG"><img src="https://thwack.solarwinds.com/t5/image/serverpage/image-id/4220i3C886EB45C869484/image-size/large?v=1.0&amp;px=999" title="alert trigger condition.PNG" alt="alert trigger condition.PNG" /></span></P><P></P><P></P><P></P><P>In the trigger action, i put 3 variables, the Log Message, the Rule Name, and Rule Definition ID.&nbsp; </P><P></P><P>It didn't take long to trigger, and as soon as it did, i see in the alert message the name of the rule that triggered the alert. </P><P><span class="lia-inline-image-display-wrapper" image-alt="rule name.PNG"><img src="https://thwack.solarwinds.com/t5/image/serverpage/image-id/4222i552D3BCED4B3396C/image-size/large?v=1.0&amp;px=999" title="rule name.PNG" alt="rule name.PNG" /></span></P><P></P><P>And sure enough, after going to that rule, i found that it did not have any conditions or limitations applied, corrected it, and haven't seen any improperly fire since. </P></BODY></HTML>Wed, 19 Feb 2020 17:00:25 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423868#M243jere5572020-02-19T17:00:25ZRe: Where can I find Log Analyzer logs on Orion server?https://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423869#M244
<HTML><HEAD></HEAD><BODY><P>OK, thanks for sharing the solution back here and I will do some investigation on why the ticket went dead on you. </P></BODY></HTML>Wed, 19 Feb 2020 17:48:07 GMThttps://thwack.solarwinds.com/t5/LA-Discussions/Where-can-I-find-Log-Analyzer-logs-on-Orion-server/m-p/423869#M244jvb2020-02-19T17:48:07Z